::Trend Micro Threat Resource Center::

17 April 2009

Conficker Becomes 'Downdac', a Waledac Zombie

The sexiness of the Conficker story wore off after April 1st came and went, and the mass hysteria on your TV (at least regarding this particular subject) vanished with it. About a week after the letdown, Conficker.E came alive after all, but instead of communicating directly with the 50,000 URLs, it wormed its way around cyberspace via peer-to-peer networks.

Another component digs around for exploitable machines, drops a nasty little payload into the Windows Registry, and hides itself much the way rootkits hide themselves on a machine. Once on the machine, the new virus connects to a malicious URL for an encrypted download.

And thus is born what Trend Micro is calling Downdac.A, a hybrid of Downad and Waledac, which turns the infected machine into a zombie under the control of the botnet and causes it to download fake antivirus software called Spyware Protect 2009.

"Waledac is a notorious spammer, and is also known for injecting information-stealer codes. FakeAV, meanwhile, scares users into buying their 'security' products by faking infection symptoms, and lately, by employing crimeware routines as well," write Trend Micro's Paul Ferguson and Ivan Macalintal.

Curiously, the whole process has an end date of May 3rd, but researchers are at a loss as to what might happen then.
